Hot Topic
Hawke’s Bay
Mega has deleted a file that could be used to create a one-bullet plastic gun using a 3D printer, Mega CEO Vikram Kumar confirms.
It seems there are limits to how far the The Privacy Company will go to keep protect your files.
"Privacy is not an absolute right," the chief executive tells NBR ONLINE. "Mega will comply with the law."
If required by court with jurisdiction, Mega would even help identify the estimated 100,000 who downloaded the file while it was still online, Mr Kumar tells NBR.
The CEO has been upfront about about Mega's willingness to comply with legislation, and the company has deleted thousands of files following complaints from rights holders. Indeed, he promotes the fact the file sharing service is more proactive than others in this department.
But there are two questions in the case of the gun file. Did merely publishing it break any law? And how exactly does Mega identify a file that it deems needs deleting?
On the face of it, the Liberator violates a law requiring a gun to contain at least one piece of metal, so it's screenable at airports. The US government has also written to Defense Distributed, the Texan company that created the Liberator plastic gun design, warning it that publishing the plans on the global internet may violate weapons export regulations.
"May" is the operative word here (or, more properly, "might") is the operative word here.
The letter (see RAW DATA, below) says publication of the plans could have violated the Arms Export Control Act and the the International Traffic in Arms Regulations. Defense Distributed voluntarily cooperated with the request to take the file off its website.
Kim Dotcom's US lawyer, Ira Rothen told US media "I think it's fair to say that we don't need to do a very complex legal analysis to understand that we are dealing with an issue of first impression regarding printing plans for 3-D guns."
That is, there needs to be a test case to set a precedent in this legal grey area .
In the mean time Mega appears to be erring on the side of caution, and its founder's opinion opinion on plastic guns, which Kim Dotcom outlined in a tweet:
I don't think it's a good idea to print guns. I think the world would be a better place without guns. #Peace
— Kim Dotcom (@KimDotcom) May 11, 2013
I agree with Dotcom. Plastic guns are abhorrent . But then again I'm not working for an outfit that bills itself as The Privacy Company.
And when you're at the cutting edge of protecting people's privacy, you're going to frequently come up against content that offends your moral outlook. You've got to take the crunchy with the smooth.
Crusading for privacy is Mega's key point of difference with rivals including market leader Dropbox (which is ahead with other features such as desktop syncing, and mobile apps), so watering down its policy too much is risky.
Once it decided to delete the 3D gun file, how did Mega locate it amid the millions on its system?
Mega needs both publicly available URL and a decrypt key to find a file, Mr Kumar explained to NBR.
It was because this information was shared publicly that Mega was able to locate then delete the offending file.
But if those details are not in public circulation, "We can't give info we don't have," Mr Kumar says.
The company can only look at a file on its own system if there's a publicly shared link, and publicly shared decryption key (encryption takes place in a user's web browser. If they choose to publicly share a decrypt key, it's included in a file's URL).
If not, then the contents of a file can remain hidden, and encrypted, from the eyes of even the people who run Mega.
Obviously, this means the system could be used to stash all manner of nefarious files, but Mr Rothken has previously told NBR Online that many technologies are "dual use". As with, say, the VCR - to use his example, the public good of file sharing encryption outweighs the bad.
Encryption was always going to be tricky, icky technology - and now more so given Mega's managers seem willing to go on the front foot to delete files that may or may not violate the law.
A third question is, "Who's law?" given that Mega operates globally and taken, collectively, the laws of all the countries in the world ban just about everything. Could it be the laws of the country where the file sharing service is hosted?
On this point, Mr Rothken told one publication the locations of Mega's server's are confidential.
Not so much.
Meeting with NBR on May 1, Mr Kumar confirmed what while the company's goal is a distributed host setup, all Mega files are still hosted by Cogent Systems in Germany.
Lastly, forgetting the plastic gun brouhaha, it's going to be fascinating to see how 3D printers emerge as the next frontier in copyright infringement. These printers - which have been around for years but have now fallen in price to single digit thousands, let you create all manner of plastic items at home by laying down strip after strip of heated plastic, which then cools into shape. Like a hit toy? Find the right computer-aided design (CAD) file online, then print it at home.
RAW DATA: US govt letter to Defense Distributed
United States Department of State
Bureau of Political-Military Affairs
Offense of Defense Trade Controls Compliance
May 08, 2013
In reply letter to DTCC Case: 13-0001444
[Cody Wilson's address redacted]
Dear Mr. Wilson,
The Department of State, Bureau of Political Military Affairs, Office of Defense Trade Controls Compliance, Enforcement Division (DTCC/END) is responsible for compliance with and civil enforcement of the Arms Export Control Act (22 U.S.C. 2778) (AECA) and the AECA’s implementing regulations, the International Traffic in Arms Regulations (22 C.F.R. Parts 120-130) (ITAR). The AECA and the ITAR impose certain requirements and restrictions on the transfer of, and access to, controlled defense articles and related technical data designated by the United States Munitions List (USML) (22 C.F.R. Part 121).
The DTCC/END is conducting a review of technical data made publicly available by Defense Distributed through its 3D printing website, DEFCAD.org, the majority of which appear to be related to items in Category I of the USML. Defense Distributed may have released ITAR-controlled technical data without the required prior authorization from the Directorate of Defense Trade Controls (DDTC), a violation of the ITAR.
Technical data regulated under the ITAR refers to information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles, including information in the form of blueprints, drawings, photographs, plans, instructions or documentation. For a complete definition of technical data, see 120.10 of the ITAR. Pursuant to 127.1 of the ITAR, it is unlawful to export any defense article or technical data for which a license or written approval is required without first obtaining the required authorization from the DDTC. Please note that disclosing (including oral or visual disclosure) or tranferring technical data to a foreign person, whether in the United States or abroad, is considered an export under 120.17 of the ITAR.
The Department believes Defense Distributed may not have established the proper jurisdiction of the subject technical data. To resolve this matter officially, we request that Defense Distributed submit Commodity Jurisdiction (CJ) determination requests for the following selection of data files available on DEFCAD.org, and any other technical data for which Defense Distributed is unable to determine proper jurisdiction:
- Defense Distributed Liberator pistol
- .22 electric
- 125mm BK-14M high-explosive anti-tank warhead
- 5.56/.223 muzzle brake
- Springfield XD-40 tactical slide assembly
- Sound Moderator – slip on
- “The Dirty Diane” 1/2-28 to 3/4-16 STP S3600 oil filter silencer adapter
- 12 gauge to .22 CB sub-caliber insert
- Voltlock electronic black powder system
- VZ-58 sight
DTCC/END requests that Defense Distributed submits its CJ requests within three weeks of the receipt of this letter and notify this office of the final CJ determinations. All CJ requests must be submitted electronically through an online application using the DS-4076 Commodity Jurisdiction Request Form. The form, guidance for submitting CJ requests, and other relevant information such as a copy of the ITAR can be found on DDTC’s website at http://www.pmddtc.state.gov.
Until the Department provides Defense Distributed with the final CJ determinations, Defense Distributed should treat the above technical data as ITAR-controlled. This means that all such data should be removed from public access immediately. Defense Distributed should also review the remainder of the data made public on its website to determine whether any additional data may be similarly controlled and proceed according to ITAR requirements.
Additionally, DTCC/END requests information about the procedures Defense Distributed follows to determine the classification of its technical data, to include aforementioned technical data files. We ask that you provide your procedures for determining proper jurisdiction of technical data within 30 days of the date of this letter to Ms. Bridget Van Buren, Compliance Specialist, Enforcement Division, at the address below.
Office of Defense Trade Controls Compliance
PM/DTCC, SA-1, Room L132
2401 E Street, NW
Washington, DC 20522
Phone 202-663-3323
We appreciate your full cooperation in this matter. Please note our reference number in any future correspondence.
Sincerely,
Glenn E. Smith
Chief, Enforcement Division
© All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.
Mega deletes 3D printer gun file; willing to help trace who downloaded it
29356